Packages changed: NetworkManager NetworkManager-openconnect NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc cnf file-roller (43.0 -> 43.1) fwupd (1.9.9 -> 1.9.10) gjs (1.78.0 -> 1.78.1) gnome-maps (45.1 -> 45.2) gnome-shell (45.1 -> 45.2) gnome-shell-extensions (45.1 -> 45.2) graphviz haveged hwdata (0.376 -> 0.377) libadwaita (1.4.1 -> 1.4.2) libnl3 (3.8.0 -> 3.9.0) mariadb-connector-c (3.3.7 -> 3.3.8) mutter nautilus (45.1 -> 45.2) ncurses (6.4.20231125 -> 6.4.20231202) netdata policycoreutils polkit (121 -> 123) python-urllib3 (2.0.7 -> 2.1.0) qt6-base sqlite3 (3.44.0 -> 3.44.1) sudo (1.9.14p3 -> 1.9.15p2) totem tuned xdg-desktop-portal xmlsec1 zenity (3.99.90 -> 3.99.91) === Details === ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-pppoe NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add python3.6-in-sle.patch: SLE still takes python 3.6 as primary system, the patch allows meson to find python 3.6 in SLE. ==== NetworkManager-openconnect ==== - Rename gnome subpackage to NetworkManager-applet-openconnect to more accurately reflect its usage - Add missing supplements: - NM and openconnect - NMA subpackage: Main package and NMA ==== NetworkManager-openvpn ==== - Rename gnome subpackage to NetworkManager-applet-openvpn to more accurately reflect its usage - Add missing supplements: - NM and openvpn - NMA subpackage: Main package and NMA ==== NetworkManager-pptp ==== - Rename gnome subpackage to NetworkManager-applet-pptp to more accurately reflect its usage - Add missing supplements: - NM and pptp - NMA subpackage: Main package and NMA ==== NetworkManager-vpnc ==== - Rename gnome subpackage to NetworkManager-applet-vpnc to more accurately reflect its usage - Add missing supplements: - NM and vpnc - NMA subpackage: main package and NMA ==== cnf ==== Subpackages: cnf-bash - Enable build on riscv64 ==== file-roller ==== Version update (43.0 -> 43.1) - Update to version 43.1: + Fixed deb package support. + Fixed wrong filename when opening a files on Google Drive. + Updated README. + Updated translations. ==== fwupd ==== Version update (1.9.9 -> 1.9.10) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.10: + This release adds the following features: - Add support for not_hardware requirements - Add support for loongarch64 - Add support for per-release priority attributes - Make USB claim retry count configurable across devices + This release fixes the following bugs: - Compare the HID report value when checking for duplicates - Consider the component priority when installing composite updates - Deploy the CCGX firmware correctly the first time - Do not export the 'main-system-firmware' and 'cpu' GUIDs - Enforce fwupd version requirements client side - Fix Genesys 'failed to get static tool info from device' error - Fix potential 'dereference before null check' in ccmx-dmc - Fix the 'already registered private FuMmDevice flag with value' warning - Fix the 'assertion backend_id != NULL failed' runtime warning - Fix Wacom USB device emulation by recording the composite phases - Generate generic request message text where possible - Hide HTTP passwords in fwupd debugging logs - Let the client know what interaction is expected - Make all critical warnings into backtraces for non-release builds - Never obsolete the wrong HSI attribute - Never show a HSI index that is impossible - Only apply fastboot plugin to modem devices supporting fastboot - Only send interactive requests when the sender is alive - Remove the now-obsolete Synaptics MST cascade device scanning - Replace the Redfish KCS user if required - Restrict mediatek-scaler devices on specific hardware only - Skip any recovery partitions when detecting ESP ==== gjs ==== Version update (1.78.0 -> 1.78.1) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.78.1: + Gtk template signals cause a reference cycle that is not detected + Modules from resources may get loaded twice + docs: add examples for creating cairo image surfaces + Deadlocks between GJS GC and dconf gsettings when a setting value is changed + Gtk3: Fix leak in GtkBuilder template signal connections - Drop 3cae384aaf15dec6653b1a5400032c2c2e5dc34c.patch: Fixed upstream ==== gnome-maps ==== Version update (45.1 -> 45.2) - Update to version 45.2: + Fixed triggering a extranous reload of the trip query in the case the user has already filled in query points + Updated translations. ==== gnome-shell ==== Version update (45.1 -> 45.2) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 45.2: + Fix performance degradation due to repeated signal leak + Optimize application search + Fix on-screen keyboard backspace getting stuck + Fix arrow navigation in search results + Support async code in Eval() D-Bus method + Fix sliders not requesting any size + Only show prefs dialog after the extension has been loaded + Improve high-contrast styling + Fix mapping of tablet rings/strips + Add support for "version-name" field in extension metainfo + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. ==== gnome-shell-extensions ==== Version update (45.1 -> 45.2) Subpackages: gnome-shell-classic gnome-shell-extensions-common - Update to version 45.2: + window-list: - Fix buttons not being clickable at the screen edge - Really fix initial preview visibility + workspace-indicator: Really fix initial preview visibility + Misc. bug fixes and cleanups ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - Require bitstream-vera-fonts for correct .png rendering by doxygen+dot ==== haveged ==== Subpackages: libhavege2 - Remove haveged-switch-root.service because it's implemented incorrectly and neither upstream don't know how to fix it (#77). On the other hand, without this service haveged will be started from scratch after switch root so it's hopefully no big deal. Also remove patch for bsc#1203079 as it's considered as a security threat because of creating fixed name file in world-writable directory. [jsc#PED-6184, bsc#1206699] * Remove - haveged-switch-root.service - haveged-switch-root.patch ==== hwdata ==== Version update (0.376 -> 0.377) - update to 0.377: * Fixed trailing spaces in pnp.ids ==== libadwaita ==== Version update (1.4.1 -> 1.4.2) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.4.2: + Really fix build with libappstream 1.0 ==== libnl3 ==== Version update (3.8.0 -> 3.9.0) Subpackages: libnl-config libnl3-200 - Update to release 3.9 * route/link: add bonding interface options set rtnl apis * route: fix memleak in rtnl_act_parse() * route/tc: avoid integer overflow in rtnl_tc_calc_cell_log() ==== mariadb-connector-c ==== Version update (3.3.7 -> 3.3.8) - Update to 3.3.8: * https://mariadb.com/kb/en/mariadb-connector-c-3-3-8-release-notes/ ==== mutter ==== - Rebase mutter-SLE-bsc984738-grab-display.patch. ==== nautilus ==== Version update (45.1 -> 45.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 45.2: + Don't crash when reconnecting to remove server. + Actually detect unmount on some non-native mounts. + Don't crash on image properties. + Allow types and sizes in Properties to expand. + Don't corrupt toast messages. + Updated translations. ==== ncurses ==== Version update (6.4.20231125 -> 6.4.20231202) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231202 + correct initial alignment of extended capabilities in infocmp, so that the "-u" option can be used for more than two terminal types. + improve formatting/style of manpages, changing environment variables to italics (patches by Branden Robinson). ==== netdata ==== Subpackages: netdata-plugin-cups netdata-plugin-go - XEN only exists on x86 and aarch64 - Enable freeipmi plugin everywhere ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - Re-add "Obsoletes: policycoreutils-python <= 2.6" to avoid file conflicts with /usr/share/bash-completion/completions/setsebool of older policycoreutils-python-2.6 ==== polkit ==== Version update (121 -> 123) Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0 - Update to version 123: + Highlights: - better safety with deeper restriction of the configuration files - better safety with restricting the daemon's owner under systemd - better safety with the systemd unit sandboxing - less thread races during upload of the configuration - Changes from version 122: + Highlights: - new Georgian translation - port to mozjs-102 - daemon-less build (support for e.g. flatpak deps) - re-enable of (API) documentation build - See more detailed changes in the included NEWS.md file. - Change URL and Source to new home, and drop polkit.keyring and tar.gz.sign tarball signature, no longer available. - Drop polkit-fix-pam-prefix.patch: Fixed upstream. - Add /usr/bin/dbus-daemon BuildRequires, needed for tests. Replace the dbus-1 with /usr/bin/dbus-daemon Requires. - change /usr/share/polkit-1/rules.d to 555,root:root. /usr content isn't secret anyway so this avoids non-root owned files in /usr (boo#1215482) - update 50-default.rules to allow adding more admin rules (jsc#PED-260, drop polkit-no-wheel-group.patch) ==== python-urllib3 ==== Version update (2.0.7 -> 2.1.0) - update to 2.1.0: * Removed support for the deprecated urllib3[secure] extra. * Removed support for the deprecated SecureTransport TLS implementation. * Removed support for the end-of-life Python 3.7. * Allowed loading CA certificates from memory for proxies. * Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 - Add upstream patch for a bug in QMimeDatabase that causes some applications to hang: * 0001-QMimeDatabase-handle-buggy-type-definitions.patch * https://code.qt.io/cgit/qt/qtbase.git/commit/?id=54656da9ace06caf4a0eeb1832989c0ab211a4a0 ==== sqlite3 ==== Version update (3.44.0 -> 3.44.1) Subpackages: libsqlite3-0 sqlite3-tcl - Update to release 3.44.2 * Fix a mistake in the CLI that was introduced by the fix in 3.44.1. * Fix a problem in FTS5 that was discovered during internal fuzz testing only minutes after the 3.44.1 release was tagged. * Fix incomplete assert() statements that the fuzzer discovered. * Fix a couple of harmless compiler warnings that appeared in debug builds with GCC 16. - Update to release 3.44.1 * Change the CLI so that it uses UTF-16 for console I/O on Windows. * Other obscure bug fixes. ==== sudo ==== Version update (1.9.14p3 -> 1.9.15p2) Subpackages: sudo-plugin-python - Update to 1.9.15p2: * Fixed a bug on BSD systems where sudo would not restore the terminal settings on exit if the terminal had parity enabled. GitHub issue #326. - Update to 1.9.15p1: * Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers from being able to read the ldap.conf file. GitHub issue #325. - Update to 1.9.15: * Fixed an undefined symbol problem on older versions of macOS when "intercept" or "log_subcmds" are enabled in sudoers. GitHub issue #276. * Fixed "make check" failure related to getpwent(3) wrapping on NetBSD. * Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. * Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. * The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes. GitHub issue #294. * The AIX and Solaris sudo packages on www.sudo.ws now support "log_subcmds" and "intercept" with both 32-bit and 64-bit binaries. Previously, they only worked when running binaries with the same word size as the sudo binary. GitHub issue #289. * The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. * Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. For LDAP sudoers, the name of the matching sudoRole is printed instead. * The embedded copy of zlib has been updated to version 1.3. * The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. This addresses CVE-2023-42465. * The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. * A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. * The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. Bug #1058. * Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values. GitHub issue #312. * Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user. GitHub issue #318. * New Indonesian translation from translationproject.org. * The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. * Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. * Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. - Package/ship empty /etc/sudoers.d directory for admins to discover where to put their won config. - Introduce optional wheel and sudo group policies as separate packages (bsc#1203978, jsc#PED-260) - Install config files into /usr/etc and read from both location: /etc and /usr/etc (bsc#1205118) ==== totem ==== Subpackages: totem-plugins totem-video-thumbnailer - Add upstream bug fix patches: + ac2d02530d3b555e44907162be05536a5927b2a0.patch: gst: Force using newer GStreamer libva plugins + d16d9ad1d2b214996639e4f01c4515b611fb2739.patch: data: Add new canonical mime-type for AVI files ==== tuned ==== - do not package inoperable plugins (bsc#1217758) ==== xdg-desktop-portal ==== - Own the directory which packages will use for portals.conf configuration files ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1 - Make use of openSUSE build flags ==== zenity ==== Version update (3.99.90 -> 3.99.91) - Update to version 3.99.91: + password: - Remove spurious "Warning" heading - Only fetch username buffer if username option specified + build: Add implicit fallthrough warnings + password/msg: Handle ZENITY_TIMEOUT to be in line with other libadwaita-based dialogs + filesel: Fix exit statuses for cancel and timeout + Cleanup 'timeout' and make it work properly for all dialogs + util: Maintain default timeout exit status as 5 for backwards compat; various cleanups + text: webkit2gtk-6.0 fixes + msg: Code cleanups + Updated translations.